Android (operating system): Difference between revisions

Security and privacy: Berkeley study
Steel (talk | contribs)
Cannot find where the study supports this claim, please be more specific
Line 118:
{{See also|Mobile security}}
 
Android applications run in a [[Sandbox (computer security)|sandbox]], an isolated area of the system that does not have access to the rest of the system's resources, unless access permissions are explicitly granted by the user when the application is installed. Before installing an application, the [[Google Play|Play Store]] displays all required permissions: a game may need to enable vibration or save data to an [[SD card]], for example, but should not need to read SMS messages or access the phonebook. After reviewing these permissions, the user can choose to accept or refuse them, installing the application only if they accept.<ref>{{cite web |url=http://source.android.com/tech/security/index.html |title=Android Security Overview |work=Android Open Source Project |accessdate=2012-02-20}}</ref> The sandboxing and permissions system lessens the impact of vulnerabilities and bugs in applications, but developer confusion and limited documentation has resulted in applications routinely requesting unnecessary permissions, reducing its effectiveness.<ref name="demystified">{{cite paper |first1=Adrienne Porte |last1=Felt |first2=Erika |last2=Chin |first3=Steve |last3=Hanna |first4=Dawn |last4=Song |first5=David |last5=Wagner |url=http://www.cs.berkeley.edu/~afelt/android_permissions.pdf |title=Android Permissions Demystified |accessdate=2012-02-20}}</ref> Several security firms, such as [[Lookout Mobile Security]],<ref>{{cite web |url=http://www.mylookout.com |title=Lookout Mobile Security |publisher=Lookout |accessdate=2012-07-05}}</ref> [[AVG Technologies]],<ref>{{cite web |url=http://www.avg.com/us-en/antivirus-for-android |title=Antivirus for Android Smartphones |publisher=AVG |accessdate=2012-02-16}}</ref> and [[McAfee]],<ref>{{cite web |url=https://www.mcafeemobilesecurity.com/products/android.aspx |title=McAfee Mobile Security for Android |publisher=Mcafeemobilesecurity.com |accessdate=2012-02-16}}</ref> have released antivirus software for Android devices. 
This software is ineffective as sandboxing also applies to such applications, limiting their ability to scan the deeper system for threats.<ref name="extremetech">http://www.extremetech.com/computing/104827-android-antivirus-apps-are-useless-heres-what-to-do-instead/2 Android antivirus apps are useless, here's what to do instead&nbsp;— access April 10, 2012</ref>
 
Research from security company [[Trend Micro]] lists premium service abuse as the most common type of Android malware, where text messages are sent from infected phones to [[premium-rate telephone number]]s without the consent or even knowledge of the user.<ref name="micro">{{cite web|last=Protalinski |first=Emil |url=http://www.zdnet.com/android-malware-numbers-explode-to-25000-in-june-2012-7000001046/ |title=Android malware numbers explode to 25,000 in June 2012 |publisher=ZDNet |date=2012-07-17 |accessdate=2012-11-09}}</ref> Other malware displays unwanted and intrusive adverts on the device, or sends personal information to unauthorised third parties.<ref name="micro" /> Security threats on Android are reportedly growing exponentially; however, Google engineers have argued that the malware and virus threat on Android is being exaggerated by security companies for commercial reasons,<ref name="exaggeration">{{cite web|url=http://www.pcadvisor.co.uk/news/network-wifi/3320818/mobile-malware-exaggerated-by-charlatan-vendors-says-google-engineer/ |title=Mobile malware exaggerated by "charlatan" vendors, says Google engineer |publisher=PC Advisor |date=2011-11-24 |accessdate=2012-11-09}}</ref><ref name="extremely">{{cite web|url=http://www.androidcentral.com/android-42-brings-new-security-features-scan-sideloaded-apps |title=Android 4.2 brings new security features to scan sideloaded apps |publisher=Android Central |date=|accessdate=2012-11-09}}</ref> and have accused the security industry of playing on fears to sell virus protection software to users.<ref name="exaggeration" /> Google maintains that dangerous malware is actually extremely rare,<ref name="extremely" /> and a survey conducted by F-Secure showed that only 0.5% of Android malware reported had come from the Google Play store.<ref>{{cite web|url=http://www.phonearena.com/news/Android-malware-perspective-only-0.5-comes-from-the-Play-Store_id36696 |title=Android malware perspective: only 0.5% comes from the 
Play Store |publisher=Phonearena.com |date=|accessdate=2013-03-14}}</ref> An analysis in 2011 by researches from [[Berkeley University]] for the [[ACM conference]] on Computer and communications security found that [[Intent (Android)|intents]] (the inter-application communication platform) can suppose a security risk, allowing attackers to read content in messages and to insert malicious messages between applications. <ref name=berkeley>Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011, October). Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security (pp. 627-638). ACM.</ref>
The sandboxing and permissions system lessens the impact of vulnerabilities and bugs in applications, but developer confusion and limited documentation has resulted in applications routinely requesting unnecessary permissions, reducing its effectiveness.<ref name="demystified">{{cite paper |first1=Adrienne Porte |last1=Felt |first2=Erika |last2=Chin |first3=Steve |last3=Hanna |first4=Dawn |last4=Song |first5=David |last5=Wagner |url=http://www.cs.berkeley.edu/~afelt/android_permissions.pdf |title=Android Permissions Demystified |accessdate=2012-02-20}}</ref> Several security firms, such as [[Lookout Mobile Security]],<ref>{{cite web |url=http://www.mylookout.com |title=Lookout Mobile Security |publisher=Lookout |accessdate=2012-07-05}}</ref> [[AVG Technologies]],<ref>{{cite web |url=http://www.avg.com/us-en/antivirus-for-android |title=Antivirus for Android Smartphones |publisher=AVG |accessdate=2012-02-16}}</ref> and [[McAfee]],<ref>{{cite web |url=https://www.mcafeemobilesecurity.com/products/android.aspx |title=McAfee Mobile Security for Android |publisher=Mcafeemobilesecurity.com |accessdate=2012-02-16}}</ref> have released antivirus software for Android devices. This software is ineffective as sandboxing also applies to such applications, limiting their ability to scan the deeper system for threats.<ref name="extremetech">http://www.extremetech.com/computing/104827-android-antivirus-apps-are-useless-heres-what-to-do-instead/2 Android antivirus apps are useless, here's what to do instead&nbsp;— access April 10, 2012</ref>
 
Research from security company [[Trend Micro]] lists premium service abuse as the most common type of Android malware, where text messages are sent from infected phones to [[premium-rate telephone number]]s without the consent or even knowledge of the user.<ref name="micro">{{cite web|last=Protalinski |first=Emil |url=http://www.zdnet.com/android-malware-numbers-explode-to-25000-in-june-2012-7000001046/ |title=Android malware numbers explode to 25,000 in June 2012 |publisher=ZDNet |date=2012-07-17 |accessdate=2012-11-09}}</ref> Other malware displays unwanted and intrusive adverts on the device, or sends personal information to unauthorised third parties.<ref name="micro" /> Security threats on Android are reportedly growing exponentially; however, Google engineers have argued that the malware and virus threat on Android is being exaggerated by security companies for commercial reasons,<ref name="exaggeration">{{cite web|url=http://www.pcadvisor.co.uk/news/network-wifi/3320818/mobile-malware-exaggerated-by-charlatan-vendors-says-google-engineer/ |title=Mobile malware exaggerated by "charlatan" vendors, says Google engineer |publisher=PC Advisor |date=2011-11-24 |accessdate=2012-11-09}}</ref><ref name="extremely">{{cite web|url=http://www.androidcentral.com/android-42-brings-new-security-features-scan-sideloaded-apps |title=Android 4.2 brings new security features to scan sideloaded apps |publisher=Android Central |date=|accessdate=2012-11-09}}</ref> and have accused the security industry of playing on fears to sell virus protection software to users.<ref name="exaggeration" /> Google maintains that dangerous malware is actually extremely rare,<ref name="extremely" /> and a survey conducted by F-Secure showed that only 0.5% of Android malware reported had come from the Google Play store.<ref>{{cite web|url=http://www.phonearena.com/news/Android-malware-perspective-only-0.5-comes-from-the-Play-Store_id36696 |title=Android malware perspective: only 0.5% comes from the 
Play Store |publisher=Phonearena.com |date=|accessdate=2013-03-14}}</ref> An analysis in 2011 by researches from [[Berkeley University]] for the [[ACM conference]] on Computer and communications security found that [[Intent (Android)|intents]] (the inter-application communication platform) can suppose a security risk, allowing attackers to read content in messages and to insert malicious messages between applications. <ref name=berkeley>Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011, October). Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security (pp. 627-638). ACM.</ref>
 
Google currently uses their [[Google Bouncer]] malware scanner to watch over and scan the Google Play store apps.<ref>{{cite web|last=Chirgwin|first=Richard|title=Google Bouncer flaw|url=http://www.theregister.co.uk/2012/06/04/breaking_google_bouncer/|work=Tech news site and blog|publisher=The Register|accessdate=20 November 2012}}</ref> It is intended to flag up suspicious apps and warn users of any potential issues with an application before they download it.<ref>{{cite web|last=Whittaker |first=Zack |url=http://www.zdnet.com/google-building-malware-scanner-for-google-play-report-7000005780/ |title=Google building malware scanner for Google Play: report |publisher=ZDNet |date=2012-10-15 |accessdate=2012-11-09}}</ref> Android version 4.2 ''Jelly Bean'' was released in 2012 with enhanced security features, including a malware scanner built into the system, which works in combination with Google Play but can scan apps installed from third party sources as well, and an alert system which notifies the user when an app tries to send a premium-rate text message, blocking the message unless the user explicitly authorises it.<ref>{{cite web|url=http://blogs.computerworld.com/android/21259/android-42-security |title=Exclusive: Inside Android 4.2's powerful new security system &#124; Computerworld Blogs |publisher=Blogs.computerworld.com |date=2012-11-01 |accessdate=2012-11-09}}</ref>
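
Review bot: The sentence beginning "An analysis in 2011 by researches from [[Berkeley University]]" attributes a finding about intents (attackers reading message content and inserting malicious messages between applications) to "Android permissions demystified", a paper whose title concerns permissions and which the preceding paragraph already cites as <ref name="demystified"> for applications requesting unnecessary permissions. Nothing in the visible text ties the intent claim to that source, which is the objection raised in the edit summary. The sentence should cite the work that actually reports the intent findings, with a section or page number, or be removed. If it stays, reuse the existing named reference instead of adding a second <ref name=berkeley> for the same paper, and correct "researches" to "researchers" and "can suppose a security risk" to "can pose a security risk".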